/**
 *
 */
import OpenApi;
import OpenApi.OpenApiUtil;

extends OpenApi;


init(config: OpenApiUtil.Config){
  super(config);
  @signatureAlgorithm = 'v2';
  @endpointRule = '';
  
  checkConfig(config);
  @endpoint = getEndpoint('eiam-developerapi', @regionId, @endpointRule, @network, @suffix, @endpointMap, @endpoint);
}

function getEndpoint(productId: string, regionId: string, endpointRule: string, network: string, suffix: string, endpointMap: map[string]string, endpoint: string) throws: string{
  if (!$isNull(endpoint)) {
    return endpoint;
  }
  
  if (!$isNull(endpointMap) && !$isNull(endpointMap[regionId])) {
    return endpointMap[regionId];
  }
  return OpenApiUtil.getEndpointRules(productId, regionId, endpointRule, network, suffix);
}

model AddUserToOrganizationalUnitsHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model AddUserToOrganizationalUnitsRequest {
  organizationalUnitIds?: [ string ](name='organizationalUnitIds', description='This parameter is required.', example='[ou_wovwffm62xifdziem7an7xxxxx]'),
}

model AddUserToOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 将账户加入多个组织
 *
 * @param request AddUserToOrganizationalUnitsRequest
 * @param headers AddUserToOrganizationalUnitsHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUserToOrganizationalUnitsResponse
 */
async function addUserToOrganizationalUnitsWithOptions(instanceId: string, applicationId: string, userId: string, request: AddUserToOrganizationalUnitsRequest, headers: AddUserToOrganizationalUnitsHeaders, runtime: $RuntimeOptions): AddUserToOrganizationalUnitsResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.organizationalUnitIds)) {
    body['organizationalUnitIds'] = request.organizationalUnitIds;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'AddUserToOrganizationalUnits',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/addUserToOrganizationalUnits`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 将账户加入多个组织
 *
 * @param request AddUserToOrganizationalUnitsRequest
 * @return AddUserToOrganizationalUnitsResponse
 */
async function addUserToOrganizationalUnits(instanceId: string, applicationId: string, userId: string, request: AddUserToOrganizationalUnitsRequest): AddUserToOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new AddUserToOrganizationalUnitsHeaders{};
  return addUserToOrganizationalUnitsWithOptions(instanceId, applicationId, userId, request, headers, runtime);
}

model AddUsersToGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model AddUsersToGroupRequest {
  userIds?: [ string ](name='userIds', description='This parameter is required.', example='[user_d6sbsuumeta4h66ec3il7yxxxx}'),
}

model AddUsersToGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 为指定组批量关联账户
 *
 * @param request AddUsersToGroupRequest
 * @param headers AddUsersToGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return AddUsersToGroupResponse
 */
async function addUsersToGroupWithOptions(instanceId: string, applicationId: string, groupId: string, request: AddUsersToGroupRequest, headers: AddUsersToGroupHeaders, runtime: $RuntimeOptions): AddUsersToGroupResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.userIds)) {
    body['userIds'] = request.userIds;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'AddUsersToGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups/${$URL.percentEncode(groupId)}/actions/addUsersToGroup`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 为指定组批量关联账户
 *
 * @param request AddUsersToGroupRequest
 * @return AddUsersToGroupResponse
 */
async function addUsersToGroup(instanceId: string, applicationId: string, groupId: string, request: AddUsersToGroupRequest): AddUsersToGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new AddUsersToGroupHeaders{};
  return addUsersToGroupWithOptions(instanceId, applicationId, groupId, request, headers, runtime);
}

model CreateGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model CreateGroupRequest {
  groupExternalId?: string(name='groupExternalId', example='group_2bo6lefcewdausyyxxxx'),
  groupName?: string(name='groupName', description='This parameter is required.', example='name001'),
}

model CreateGroupResponseBody = {
  groupId?: string(name='groupId', example='group_wovwffm62xifdziem7an7xxxxx'),
}

model CreateGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateGroupResponseBody(name='body'),
}

/**
 * @summary 创建一个EIAM组
 *
 * @param request CreateGroupRequest
 * @param headers CreateGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateGroupResponse
 */
async function createGroupWithOptions(instanceId: string, applicationId: string, request: CreateGroupRequest, headers: CreateGroupHeaders, runtime: $RuntimeOptions): CreateGroupResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.groupExternalId)) {
    body['groupExternalId'] = request.groupExternalId;
  }
  if (!$isNull(request.groupName)) {
    body['groupName'] = request.groupName;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 创建一个EIAM组
 *
 * @param request CreateGroupRequest
 * @return CreateGroupResponse
 */
async function createGroup(instanceId: string, applicationId: string, request: CreateGroupRequest): CreateGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new CreateGroupHeaders{};
  return createGroupWithOptions(instanceId, applicationId, request, headers, runtime);
}

model CreateOrganizationalUnitHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model CreateOrganizationalUnitRequest {
  description?: string(name='description', description='The description of the organizational unit.', example='test organizational unit'),
  organizationalUnitExternalId?: string(name='organizationalUnitExternalId', description='The external ID of the organizational unit. The external ID can be used to map external data to the data of the organizational unit in Employee Identity and Access Management (EIAM) of Identity as a Service (IDaaS). By default, the external ID is the organizational unit ID.

For organizational units with the same source type and source ID, each organizational unit has a unique external ID.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitName?: string(name='organizationalUnitName', description='The name of the organizational unit.

This parameter is required.', example='name001'),
  parentId?: string(name='parentId', description='The ID of the parent organizational unit.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model CreateOrganizationalUnitResponseBody = {
  organizationalUnitId?: string(name='organizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model CreateOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Creates an organizational unit.
 *
 * @param request CreateOrganizationalUnitRequest
 * @param headers CreateOrganizationalUnitHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateOrganizationalUnitResponse
 */
async function createOrganizationalUnitWithOptions(instanceId: string, applicationId: string, request: CreateOrganizationalUnitRequest, headers: CreateOrganizationalUnitHeaders, runtime: $RuntimeOptions): CreateOrganizationalUnitResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.description)) {
    body['description'] = request.description;
  }
  if (!$isNull(request.organizationalUnitExternalId)) {
    body['organizationalUnitExternalId'] = request.organizationalUnitExternalId;
  }
  if (!$isNull(request.organizationalUnitName)) {
    body['organizationalUnitName'] = request.organizationalUnitName;
  }
  if (!$isNull(request.parentId)) {
    body['parentId'] = request.parentId;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateOrganizationalUnit',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an organizational unit.
 *
 * @param request CreateOrganizationalUnitRequest
 * @return CreateOrganizationalUnitResponse
 */
async function createOrganizationalUnit(instanceId: string, applicationId: string, request: CreateOrganizationalUnitRequest): CreateOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new CreateOrganizationalUnitHeaders{};
  return createOrganizationalUnitWithOptions(instanceId, applicationId, request, headers, runtime);
}

model CreateUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model CreateUserRequest {
  customFields?: [ 
    {
      fieldName?: string(name='fieldName', description='Field name', example='age'),
      fieldValue?: string(name='fieldValue', description='Filed value', example='fieldValue_001'),
    }
  ](name='customFields', description='Custom fields'),
  description?: string(name='description', description='The description of the account. The description can be up to 256 characters in length.', example='test user'),
  displayName?: string(name='displayName', description='The display name of the account. The display name can be up to 64 characters in length.', example='display_name001'),
  email?: string(name='email', description='The email address of the user who owns the account.', example='example@example.com'),
  emailVerified?: boolean(name='emailVerified', description='Indicates whether the email address is verified. This field is required if an email address is specified. If you have no special requirement, set this parameter to true.', example='true'),
  password?: string(name='password', description='The password of the account. For information about the password rules, go to the Create User panel in the Identity as a Service (IDaaS) console.', example='xxxxx'),
  passwordInitializationConfig?: {
    passwordForcedUpdateStatus?: string(name='passwordForcedUpdateStatus', description='Password  forced update', example='enabled'),
    passwordInitializationPolicyPriority?: string(name='passwordInitializationPolicyPriority', description='Password policy', example='global'),
    passwordInitializationType?: string(name='passwordInitializationType', description='Password Initialization Type', example='random'),
    userNotificationChannels?: [ string ](name='userNotificationChannels', description='User Notification Channels', example='sms'),
  }(name='passwordInitializationConfig', description='Configure the initial password'),
  phoneNumber?: string(name='phoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
  phoneNumberVerified?: boolean(name='phoneNumberVerified', description='Indicates whether the mobile number is verified. This field is required if a mobile number is specified. If you have no special requirement, set this parameter to true.', example='true'),
  phoneRegion?: string(name='phoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +. This parameter is required if a mobile number is specified.', example='86'),
  primaryOrganizationalUnitId?: string(name='primaryOrganizationalUnitId', description='The ID of the primary organizational unit.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  userExternalId?: string(name='userExternalId', description='The external ID of the account. The external ID can be used to map external data to the data of the account in EIAM of Identity as a Service (IDaaS). By default, the external ID is the account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
  username?: string(name='username', description='The username of the account.

This parameter is required.', example='name001'),
}

model CreateUserResponseBody = {
  userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model CreateUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: CreateUserResponseBody(name='body'),
}

/**
 * @summary Creates an Employee Identity and Access Management (EIAM) account in an organizational unit.
 *
 * @param request CreateUserRequest
 * @param headers CreateUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return CreateUserResponse
 */
async function createUserWithOptions(instanceId: string, applicationId: string, request: CreateUserRequest, headers: CreateUserHeaders, runtime: $RuntimeOptions): CreateUserResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.customFields)) {
    body['customFields'] = request.customFields;
  }
  if (!$isNull(request.description)) {
    body['description'] = request.description;
  }
  if (!$isNull(request.displayName)) {
    body['displayName'] = request.displayName;
  }
  if (!$isNull(request.email)) {
    body['email'] = request.email;
  }
  if (!$isNull(request.emailVerified)) {
    body['emailVerified'] = request.emailVerified;
  }
  if (!$isNull(request.password)) {
    body['password'] = request.password;
  }
  if (!$isNull(request.passwordInitializationConfig)) {
    body['passwordInitializationConfig'] = request.passwordInitializationConfig;
  }
  if (!$isNull(request.phoneNumber)) {
    body['phoneNumber'] = request.phoneNumber;
  }
  if (!$isNull(request.phoneNumberVerified)) {
    body['phoneNumberVerified'] = request.phoneNumberVerified;
  }
  if (!$isNull(request.phoneRegion)) {
    body['phoneRegion'] = request.phoneRegion;
  }
  if (!$isNull(request.primaryOrganizationalUnitId)) {
    body['primaryOrganizationalUnitId'] = request.primaryOrganizationalUnitId;
  }
  if (!$isNull(request.userExternalId)) {
    body['userExternalId'] = request.userExternalId;
  }
  if (!$isNull(request.username)) {
    body['username'] = request.username;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'CreateUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Creates an Employee Identity and Access Management (EIAM) account in an organizational unit.
 *
 * @param request CreateUserRequest
 * @return CreateUserResponse
 */
async function createUser(instanceId: string, applicationId: string, request: CreateUserRequest): CreateUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new CreateUserHeaders{};
  return createUserWithOptions(instanceId, applicationId, request, headers, runtime);
}

model DeleteGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model DeleteGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 删除指定组
 *
 * @param headers DeleteGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteGroupResponse
 */
async function deleteGroupWithOptions(instanceId: string, applicationId: string, groupId: string, headers: DeleteGroupHeaders, runtime: $RuntimeOptions): DeleteGroupResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups/${$URL.percentEncode(groupId)}`,
    method = 'DELETE',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 删除指定组
 *
 * @return DeleteGroupResponse
 */
async function deleteGroup(instanceId: string, applicationId: string, groupId: string): DeleteGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new DeleteGroupHeaders{};
  return deleteGroupWithOptions(instanceId, applicationId, groupId, headers, runtime);
}

model DeleteOrganizationalUnitHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model DeleteOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary Deletes an organizational unit.
 *
 * @param headers DeleteOrganizationalUnitHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteOrganizationalUnitResponse
 */
async function deleteOrganizationalUnitWithOptions(instanceId: string, applicationId: string, organizationalUnitId: string, headers: DeleteOrganizationalUnitHeaders, runtime: $RuntimeOptions): DeleteOrganizationalUnitResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteOrganizationalUnit',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits/${$URL.percentEncode(organizationalUnitId)}`,
    method = 'DELETE',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an organizational unit.
 *
 * @return DeleteOrganizationalUnitResponse
 */
async function deleteOrganizationalUnit(instanceId: string, applicationId: string, organizationalUnitId: string): DeleteOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new DeleteOrganizationalUnitHeaders{};
  return deleteOrganizationalUnitWithOptions(instanceId, applicationId, organizationalUnitId, headers, runtime);
}

model DeleteUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model DeleteUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary Deletes an Employee Identity and Access Management (EIAM) account.
 *
 * @param headers DeleteUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return DeleteUserResponse
 */
async function deleteUserWithOptions(instanceId: string, applicationId: string, userId: string, headers: DeleteUserHeaders, runtime: $RuntimeOptions): DeleteUserResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'DeleteUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}`,
    method = 'DELETE',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Deletes an Employee Identity and Access Management (EIAM) account.
 *
 * @return DeleteUserResponse
 */
async function deleteUser(instanceId: string, applicationId: string, userId: string): DeleteUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new DeleteUserHeaders{};
  return deleteUserWithOptions(instanceId, applicationId, userId, headers, runtime);
}

model DisableUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer xxxx'),
}

model DisableUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary Disables an Employee Identity and Access Management (EIAM) account.
 *
 * @param headers DisableUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return DisableUserResponse
 */
async function disableUserWithOptions(instanceId: string, applicationId: string, userId: string, headers: DisableUserHeaders, runtime: $RuntimeOptions): DisableUserResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'DisableUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/disable`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Disables an Employee Identity and Access Management (EIAM) account.
 *
 * @return DisableUserResponse
 */
async function disableUser(instanceId: string, applicationId: string, userId: string): DisableUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new DisableUserHeaders{};
  return disableUserWithOptions(instanceId, applicationId, userId, headers, runtime);
}

model EnableUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer xxxx'),
}

model EnableUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary Enables an Employee Identity and Access Management (EIAM) account.
 *
 * @param headers EnableUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return EnableUserResponse
 */
async function enableUserWithOptions(instanceId: string, applicationId: string, userId: string, headers: EnableUserHeaders, runtime: $RuntimeOptions): EnableUserResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'EnableUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/enable`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Enables an Employee Identity and Access Management (EIAM) account.
 *
 * @return EnableUserResponse
 */
async function enableUser(instanceId: string, applicationId: string, userId: string): EnableUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new EnableUserHeaders{};
  return enableUserWithOptions(instanceId, applicationId, userId, headers, runtime);
}

model GenerateDeviceCodeRequest {
  scope?: string(name='scope', description='The authorization scope.', example='xxx'),
}

model GenerateDeviceCodeResponseBody = {
  deviceCode?: string(name='device_code', description='The device code.', example='xxxxx'),
  expiresAt?: long(name='expires_at', description='The time when the token expires. This value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1653288641'),
  expiresIn?: long(name='expires_in', description='The remaining validity period of the device code. Unit: seconds.', example='1200'),
  interval?: long(name='interval', description='The timeout period of the request token. Unit: seconds.', example='5'),
  userCode?: string(name='user_code', description='The user authorization code.', example='xxxxx'),
  verificationUri?: string(name='verification_uri', description='The verification URI.', example='https://example.com/authorize/device'),
  verificationUriComplete?: string(name='verification_uri_complete', description='The complete verification URI.', example='https://example.com/authorize/device?user_code=
xxxx'),
}

model GenerateDeviceCodeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GenerateDeviceCodeResponseBody(name='body'),
}

/**
 * @summary Generates a device code.
 *
 * @param request GenerateDeviceCodeRequest
 * @param headers map
 * @param runtime runtime options for this request RuntimeOptions
 * @return GenerateDeviceCodeResponse
 */
async function generateDeviceCodeWithOptions(instanceId: string, applicationId: string, request: GenerateDeviceCodeRequest, headers: map[string]string, runtime: $RuntimeOptions): GenerateDeviceCodeResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.scope)) {
    query['scope'] = request.scope;
  }

  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = headers,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GenerateDeviceCode',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/oauth2/device/code`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Generates a device code.
 *
 * @param request GenerateDeviceCodeRequest
 * @return GenerateDeviceCodeResponse
 */
async function generateDeviceCode(instanceId: string, applicationId: string, request: GenerateDeviceCodeRequest): GenerateDeviceCodeResponse {
  var runtime = new $RuntimeOptions{};
  var headers : map[string]string = {};
  return generateDeviceCodeWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GenerateTokenRequest {
  clientId?: string(name='client_id', description='The client ID.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  clientSecret?: string(name='client_secret', description='The client secret. This parameter is required if grant_type is set to client_credentials.', example='CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx'),
  code?: string(name='code', description='The authorization code. This parameter is required if grant_type is set to authorization_code.', example='xxxx'),
  codeVerifier?: string(name='code_verifier', description='The verification code.', example='xxx'),
  deviceCode?: string(name='device_code', description='The device code. This parameter is required if grant_type is set to authorization_code.urn:ietf:params:oauth:grant-type:device_code.', example='xxxx'),
  exclusiveTag?: string(name='exclusive_tag', description='The excluded tags.', example='ATxxx'),
  grantType?: string(name='grant_type', description='The authorization type. Valid values:

*
*
*
*
*

<!---->

*   authorization_code
*   urn:ietf:params:oauth:grant-type:device_code
*   refresh_token
*   client_credentials: You must specify the client_id and client_secret parameters.
*   password: This option is not supported.

This parameter is required.', example='client_credentials'),
  password?: string(name='password', description='The username. This parameter is required if grant_type is set to password. The password authentication type is not supported.', example='xxxxxx'),
  redirectUri?: string(name='redirect_uri', description='The redirect URI. This parameter is required if grant_type is set to authorization_code. The value of this parameter must be the same as the redirect URI in the request to obtain the authorization code.', example='xxx'),
  refreshToken?: string(name='refresh_token', description='The refreshed token. This parameter is required if grant_type is set to refresh_token.', example='ATxxx'),
  scope?: string(name='scope', description='The authorization scope. Valid values:

*   openid
*   email
*   phone
*   profile', example='xxxx'),
  username?: string(name='username', description='The username. This parameter is required if grant_type is set to password. The password authentication type is not supported.', example='uesrname_001'),
}

model GenerateTokenResponseBody = {
  accessToken?: string(name='access_token', description='The access token.', example='ATxxx'),
  expiresAt?: long(name='expires_at', description='The time when the token expires. This value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1653288641'),
  expiresIn?: long(name='expires_in', description='The remaining validity period of the token. Unit: seconds.', example='1200'),
  idToken?: string(name='id_token', description='The ID token.', example='xxxxx'),
  refreshToken?: string(name='refresh_token', description='The refresh token.', example='RTxxx'),
  tokenType?: string(name='token_type', description='The type of the token. Valid values: Basic Bearer', example='Bearer'),
}

model GenerateTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GenerateTokenResponseBody(name='body'),
}

/**
 * @summary Generates a token for accessing an application in an instance.
 *
 * @description > 
 * *   The following authorization types are supported: authorization code, device code, refresh token, and client credentials.
 *
 * @param request GenerateTokenRequest
 * @param headers map
 * @param runtime runtime options for this request RuntimeOptions
 * @return GenerateTokenResponse
 */
async function generateTokenWithOptions(instanceId: string, applicationId: string, request: GenerateTokenRequest, headers: map[string]string, runtime: $RuntimeOptions): GenerateTokenResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.clientId)) {
    query['client_id'] = request.clientId;
  }
  if (!$isNull(request.clientSecret)) {
    query['client_secret'] = request.clientSecret;
  }
  if (!$isNull(request.code)) {
    query['code'] = request.code;
  }
  if (!$isNull(request.codeVerifier)) {
    query['code_verifier'] = request.codeVerifier;
  }
  if (!$isNull(request.deviceCode)) {
    query['device_code'] = request.deviceCode;
  }
  if (!$isNull(request.exclusiveTag)) {
    query['exclusive_tag'] = request.exclusiveTag;
  }
  if (!$isNull(request.grantType)) {
    query['grant_type'] = request.grantType;
  }
  if (!$isNull(request.password)) {
    query['password'] = request.password;
  }
  if (!$isNull(request.redirectUri)) {
    query['redirect_uri'] = request.redirectUri;
  }
  if (!$isNull(request.refreshToken)) {
    query['refresh_token'] = request.refreshToken;
  }
  if (!$isNull(request.scope)) {
    query['scope'] = request.scope;
  }
  if (!$isNull(request.username)) {
    query['username'] = request.username;
  }

  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = headers,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'GenerateToken',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/oauth2/token`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Generates a token for accessing an application in an instance.
 *
 * @description > 
 * *   The following authorization types are supported: authorization code, device code, refresh token, and client credentials.
 *
 * @param request GenerateTokenRequest
 * @return GenerateTokenResponse
 */
async function generateToken(instanceId: string, applicationId: string, request: GenerateTokenRequest): GenerateTokenResponse {
  var runtime = new $RuntimeOptions{};
  var headers : map[string]string = {};
  return generateTokenWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GetApplicationProvisioningScopeHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetApplicationProvisioningScopeResponseBody = {
  groupIds?: [ string ](name='groupIds'),
  organizationalUnitIds?: [ string ](name='organizationalUnitIds', description='The IDs of organizational units.', example='[ou_xxx001]'),
}

model GetApplicationProvisioningScopeResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetApplicationProvisioningScopeResponseBody(name='body'),
}

/**
 * @summary Queries the synchronization scope of an application in an instance.
 *
 * @description > 
 * *   You can go to the Applications page in the IDaaS console to set the synchronization scope. After an application is created, the application has the permission to call this operation by default.
 *
 * @param headers GetApplicationProvisioningScopeHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetApplicationProvisioningScopeResponse
 */
async function getApplicationProvisioningScopeWithOptions(instanceId: string, applicationId: string, headers: GetApplicationProvisioningScopeHeaders, runtime: $RuntimeOptions): GetApplicationProvisioningScopeResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'GetApplicationProvisioningScope',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/provisioningScope`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the synchronization scope of an application in an instance.
 *
 * @description > 
 * *   You can go to the Applications page in the IDaaS console to set the synchronization scope. After an application is created, the application has the permission to call this operation by default.
 *
 * @return GetApplicationProvisioningScopeResponse
 */
async function getApplicationProvisioningScope(instanceId: string, applicationId: string): GetApplicationProvisioningScopeResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetApplicationProvisioningScopeHeaders{};
  return getApplicationProvisioningScopeWithOptions(instanceId, applicationId, headers, runtime);
}

model GetGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model GetGroupResponseBody = {
  createTime?: long(name='createTime', example='1652085686179'),
  description?: string(name='description', example='description_demo'),
  groupExternalId?: string(name='groupExternalId', example='group_ufdsasn35ea5lmthk267xxxxx'),
  groupId?: string(name='groupId', example='group_ufdsasn35ea5lmthk267xxxxx'),
  groupName?: string(name='groupName', example='name_test'),
  groupSourceId?: string(name='groupSourceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  groupSourceType?: string(name='groupSourceType', example='build_in'),
  instanceId?: string(name='instanceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  updateTime?: long(name='updateTime', example='1652085686179'),
}

model GetGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetGroupResponseBody(name='body'),
}

/**
 * @summary 查询一个EIAM组信息
 *
 * @param headers GetGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetGroupResponse
 */
async function getGroupWithOptions(instanceId: string, applicationId: string, groupId: string, headers: GetGroupHeaders, runtime: $RuntimeOptions): GetGroupResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'GetGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups/${$URL.percentEncode(groupId)}`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询一个EIAM组信息
 *
 * @return GetGroupResponse
 */
async function getGroup(instanceId: string, applicationId: string, groupId: string): GetGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetGroupHeaders{};
  return getGroupWithOptions(instanceId, applicationId, groupId, headers, runtime);
}

model GetOrganizationalUnitHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetOrganizationalUnitResponseBody = {
  createTime?: long(name='createTime', description='The time when the organizational unit was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652083425923'),
  description?: string(name='description', description='The description of the organizational unit.', example='xxxxx'),
  instanceId?: string(name='instanceId', description='The instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitExternalId?: string(name='organizationalUnitExternalId', description='The external ID of the organizational unit.', example='id_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitId?: string(name='organizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitName?: string(name='organizationalUnitName', description='The name of the organizational unit.', example='name001'),
  organizationalUnitSourceId?: string(name='organizationalUnitSourceId', description='The source ID of the organizational unit.', example='id_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitSourceType?: string(name='organizationalUnitSourceType', description='The source type of the organizational unit. Valid values:

*   build_in: The organizational unit was created in Identity as a Service (IDaaS).
*   ding_talk: The organizational unit was imported from DingTalk.
*   ad: The organizational unit was imported from Microsoft Active Directory (AD).
*   ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
  parentId?: string(name='parentId', description='The ID of the parent organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  updateTime?: long(name='updateTime', description='The time when the organizational unit was last updated. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652083425923'),
}

model GetOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetOrganizationalUnitResponseBody(name='body'),
}

/**
 * @summary Queries the information of an organizational unit.
 *
 * @param headers GetOrganizationalUnitHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetOrganizationalUnitResponse
 */
async function getOrganizationalUnitWithOptions(instanceId: string, applicationId: string, organizationalUnitId: string, headers: GetOrganizationalUnitHeaders, runtime: $RuntimeOptions): GetOrganizationalUnitResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'GetOrganizationalUnit',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits/${$URL.percentEncode(organizationalUnitId)}`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of an organizational unit.
 *
 * @return GetOrganizationalUnitResponse
 */
async function getOrganizationalUnit(instanceId: string, applicationId: string, organizationalUnitId: string): GetOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetOrganizationalUnitHeaders{};
  return getOrganizationalUnitWithOptions(instanceId, applicationId, organizationalUnitId, headers, runtime);
}

model GetOrganizationalUnitIdByExternalIdHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetOrganizationalUnitIdByExternalIdRequest {
  organizationalUnitExternalId?: string(name='organizationalUnitExternalId', description='The external ID of the organizational unit. The external ID can be used to map external data to the data of the organizational unit in Employee Identity and Access Management (EIAM) of Identity as a Service (IDaaS). By default, the external ID is the organizational unit ID.

Note: For organizational units with the same source type and source ID, each organizational unit has a unique external ID.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  organizationalUnitSourceId?: string(name='organizationalUnitSourceId', description='The source ID of the organizational unit.

If the organizational unit was created in IDaaS, its source ID is the ID of the IDaaS instance. If the organizational unit was imported, its source ID is the enterprise ID in the source. For example, if the organizational unit was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  organizationalUnitSourceType?: string(name='organizationalUnitSourceType', description='The source type of the organizational unit. Valid values:

*   build_in: The organizational unit was created in IDaaS.
*   ding_talk: The organizational unit was imported from DingTalk.
*   ad: The organizational unit was imported from Microsoft Active Directory (AD).
*   ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.

This parameter is required.', example='build_in'),
}

model GetOrganizationalUnitIdByExternalIdResponseBody = {
  organizationalUnitId?: string(name='organizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model GetOrganizationalUnitIdByExternalIdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetOrganizationalUnitIdByExternalIdResponseBody(name='body'),
}

/**
 * @summary Obtains the ID of an organizational unit based on the external ID
 *
 * @param request GetOrganizationalUnitIdByExternalIdRequest
 * @param headers GetOrganizationalUnitIdByExternalIdHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetOrganizationalUnitIdByExternalIdResponse
 */
async function getOrganizationalUnitIdByExternalIdWithOptions(instanceId: string, applicationId: string, request: GetOrganizationalUnitIdByExternalIdRequest, headers: GetOrganizationalUnitIdByExternalIdHeaders, runtime: $RuntimeOptions): GetOrganizationalUnitIdByExternalIdResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.organizationalUnitExternalId)) {
    body['organizationalUnitExternalId'] = request.organizationalUnitExternalId;
  }
  if (!$isNull(request.organizationalUnitSourceId)) {
    body['organizationalUnitSourceId'] = request.organizationalUnitSourceId;
  }
  if (!$isNull(request.organizationalUnitSourceType)) {
    body['organizationalUnitSourceType'] = request.organizationalUnitSourceType;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetOrganizationalUnitIdByExternalId',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits/_/actions/getOrganizationalUnitIdByExternalId`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Obtains the ID of an organizational unit based on the external ID
 *
 * @param request GetOrganizationalUnitIdByExternalIdRequest
 * @return GetOrganizationalUnitIdByExternalIdResponse
 */
async function getOrganizationalUnitIdByExternalId(instanceId: string, applicationId: string, request: GetOrganizationalUnitIdByExternalIdRequest): GetOrganizationalUnitIdByExternalIdResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetOrganizationalUnitIdByExternalIdHeaders{};
  return getOrganizationalUnitIdByExternalIdWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GetUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetUserResponseBody = {
  accountExpireTime?: long(name='accountExpireTime', description='The time when the account expires. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
  createTime?: long(name='createTime', description='The time when the account was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
  customFields?: [ 
    {
      fieldName?: string(name='fieldName', description='The name of the extended field.', example='xxxx'),
      fieldValue?: string(name='fieldValue', description='The value of the extended field. Field values are returned as strings regardless of the data types of the fields. For example, true or false is returned for a Boolean field.', example='字段数据值'),
    }
  ](name='customFields', description='The extended fields of the account.'),
  description?: string(name='description', description='The description of the account.', example='xxxx'),
  displayName?: string(name='displayName', description='The display name of the account.', example='display_name001'),
  email?: string(name='email', description='The email address of the user.', example='example@example.com'),
  emailVerified?: boolean(name='emailVerified', description='Indicates whether the email address has been verified. A value of true indicates that the email address has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the email address has not been verified.', example='true'),
  groups?: [ 
    {
      description?: string(name='description', description='组描述。', example='description_demo'),
      groupId?: string(name='groupId', description='组ID。', example='group_ufdsasn35ea5lmthk267xxxxx'),
      groupName?: string(name='groupName', description='组名称。', example='name_test'),
    }
  ](name='groups', description='账户所属组列表。'),
  instanceId?: string(name='instanceId', description='The instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  lockExpireTime?: long(name='lockExpireTime', description='The time when the account lock expires. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
  organizationalUnits?: [ 
    {
      organizationalUnitId?: string(name='organizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      organizationalUnitName?: string(name='organizationalUnitName', description='The name of the organizational unit.', example='name001'),
      primary?: boolean(name='primary', description='Indicates whether the organizational unit is the primary organizational unit.', example='true'),
    }
  ](name='organizationalUnits', description='The organizational units to which the account belongs.'),
  passwordSet?: boolean(name='passwordSet', description='Indicates whether the password is set.', example='true'),
  phoneNumber?: string(name='phoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
  phoneNumberVerified?: boolean(name='phoneNumberVerified', description='Indicates whether the mobile number has been verified. A value of true indicates that the mobile number has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the mobile number has not been verified.', example='true'),
  phoneRegion?: string(name='phoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +.', example='86'),
  primaryOrganizationalUnitId?: string(name='primaryOrganizationalUnitId', description='The ID of the primary organizational unit of the account.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  registerTime?: long(name='registerTime', description='The time when the account was registered. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
  status?: string(name='status', description='The status of the account. Valid values: enabled disabled', example='enabled'),
  updateTime?: long(name='updateTime', description='The time when the account was last modified. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
  userExternalId?: string(name='userExternalId', description='The external ID of the account. The external ID can be used to map external data to the data of the account in EIAM of Identity as a Service (IDaaS). By default, the external ID is the account ID.

Note: For accounts with the same source type and source ID, each account has a unique external ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
  userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
  userSourceId?: string(name='userSourceId', description='The source ID of the account.

If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userSourceType?: string(name='userSourceType', description='The source type of the account. Valid values:

*   build_in: The account was created in IDaaS.
*   ding_talk: The account was imported from DingTalk.
*   ad: The account was imported from Microsoft Active Directory (AD).
*   ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
  username?: string(name='username', description='The username of the account.', example='name001'),
}

model GetUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserResponseBody(name='body'),
}

/**
 * @summary Queries the information of an Employee Identity and Access Management (EIAM) account.
 *
 * @param headers GetUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserResponse
 */
async function getUserWithOptions(instanceId: string, applicationId: string, userId: string, headers: GetUserHeaders, runtime: $RuntimeOptions): GetUserResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of an Employee Identity and Access Management (EIAM) account.
 *
 * @return GetUserResponse
 */
async function getUser(instanceId: string, applicationId: string, userId: string): GetUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetUserHeaders{};
  return getUserWithOptions(instanceId, applicationId, userId, headers, runtime);
}

model GetUserIdByEmailHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetUserIdByEmailRequest {
  email?: string(name='email', description='The email address of the user who owns the account.

This parameter is required.', example='example@example.com'),
}

model GetUserIdByEmailResponseBody = {
  userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model GetUserIdByEmailResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserIdByEmailResponseBody(name='body'),
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account by email address.
 *
 * @param request GetUserIdByEmailRequest
 * @param headers GetUserIdByEmailHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserIdByEmailResponse
 */
async function getUserIdByEmailWithOptions(instanceId: string, applicationId: string, request: GetUserIdByEmailRequest, headers: GetUserIdByEmailHeaders, runtime: $RuntimeOptions): GetUserIdByEmailResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.email)) {
    body['email'] = request.email;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUserIdByEmail',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/_/actions/getUserIdByEmail`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account by email address.
 *
 * @param request GetUserIdByEmailRequest
 * @return GetUserIdByEmailResponse
 */
async function getUserIdByEmail(instanceId: string, applicationId: string, request: GetUserIdByEmailRequest): GetUserIdByEmailResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetUserIdByEmailHeaders{};
  return getUserIdByEmailWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GetUserIdByPhoneNumberHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetUserIdByPhoneNumberRequest {
  phoneNumber?: string(name='phoneNumber', description='The mobile number of the user who owns the account.

This parameter is required.', example='156xxxxxxx'),
}

model GetUserIdByPhoneNumberResponseBody = {
  userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model GetUserIdByPhoneNumberResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserIdByPhoneNumberResponseBody(name='body'),
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account based on the mobile number.
 *
 * @param request GetUserIdByPhoneNumberRequest
 * @param headers GetUserIdByPhoneNumberHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserIdByPhoneNumberResponse
 */
async function getUserIdByPhoneNumberWithOptions(instanceId: string, applicationId: string, request: GetUserIdByPhoneNumberRequest, headers: GetUserIdByPhoneNumberHeaders, runtime: $RuntimeOptions): GetUserIdByPhoneNumberResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.phoneNumber)) {
    body['phoneNumber'] = request.phoneNumber;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUserIdByPhoneNumber',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/_/actions/getUserIdByPhoneNumber`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account based on the mobile number.
 *
 * @param request GetUserIdByPhoneNumberRequest
 * @return GetUserIdByPhoneNumberResponse
 */
async function getUserIdByPhoneNumber(instanceId: string, applicationId: string, request: GetUserIdByPhoneNumberRequest): GetUserIdByPhoneNumberResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetUserIdByPhoneNumberHeaders{};
  return getUserIdByPhoneNumberWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GetUserIdByUserExternalIdHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model GetUserIdByUserExternalIdRequest {
  userExternalId?: string(name='userExternalId', description='The external ID of the account.

This parameter is required.', example='xxx001'),
  userSourceId?: string(name='userSourceId', description='The source ID of the account. If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.

This parameter is required.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
  userSourceType?: string(name='userSourceType', description='The source type of the account. Valid values:

*   build_in: The account was created in Identity as a Service (IDaaS).
*   ding_talk: The account was imported from DingTalk.
*   ad: The account was imported from Microsoft Active Directory (AD).
*   ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.

This parameter is required.', example='build_in'),
}

model GetUserIdByUserExternalIdResponseBody = {
  userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model GetUserIdByUserExternalIdResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserIdByUserExternalIdResponseBody(name='body'),
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account based on the external ID.
 *
 * @param request GetUserIdByUserExternalIdRequest
 * @param headers GetUserIdByUserExternalIdHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserIdByUserExternalIdResponse
 */
async function getUserIdByUserExternalIdWithOptions(instanceId: string, applicationId: string, request: GetUserIdByUserExternalIdRequest, headers: GetUserIdByUserExternalIdHeaders, runtime: $RuntimeOptions): GetUserIdByUserExternalIdResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.userExternalId)) {
    body['userExternalId'] = request.userExternalId;
  }
  if (!$isNull(request.userSourceId)) {
    body['userSourceId'] = request.userSourceId;
  }
  if (!$isNull(request.userSourceType)) {
    body['userSourceType'] = request.userSourceType;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUserIdByUserExternalId',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/_/actions/getUserIdByExternalId`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account based on the external ID.
 *
 * @param request GetUserIdByUserExternalIdRequest
 * @return GetUserIdByUserExternalIdResponse
 */
async function getUserIdByUserExternalId(instanceId: string, applicationId: string, request: GetUserIdByUserExternalIdRequest): GetUserIdByUserExternalIdResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetUserIdByUserExternalIdHeaders{};
  return getUserIdByUserExternalIdWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GetUserIdByUsernameHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer xxxx'),
}

model GetUserIdByUsernameRequest {
  username?: string(name='username', description='The username of the account.

This parameter is required.', example='username_001'),
}

model GetUserIdByUsernameResponseBody = {
  userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
}

model GetUserIdByUsernameResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: GetUserIdByUsernameResponseBody(name='body'),
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account based on the username.
 *
 * @param request GetUserIdByUsernameRequest
 * @param headers GetUserIdByUsernameHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserIdByUsernameResponse
 */
async function getUserIdByUsernameWithOptions(instanceId: string, applicationId: string, request: GetUserIdByUsernameRequest, headers: GetUserIdByUsernameHeaders, runtime: $RuntimeOptions): GetUserIdByUsernameResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.username)) {
    body['username'] = request.username;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUserIdByUsername',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/_/actions/getUserIdByUsername`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the ID of an Employee Identity and Access Management (EIAM) account based on the username.
 *
 * @param request GetUserIdByUsernameRequest
 * @return GetUserIdByUsernameResponse
 */
async function getUserIdByUsername(instanceId: string, applicationId: string, request: GetUserIdByUsernameRequest): GetUserIdByUsernameResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetUserIdByUsernameHeaders{};
  return getUserIdByUsernameWithOptions(instanceId, applicationId, request, headers, runtime);
}

model GetUserInfoHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer xxxx'),
}

model GetUserInfoResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: object(name='body'),
}

/**
 * @summary Queries the information of a user by using the user token.
 *
 * @param headers GetUserInfoHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return GetUserInfoResponse
 */
async function getUserInfoWithOptions(instanceId: string, applicationId: string, headers: GetUserInfoHeaders, runtime: $RuntimeOptions): GetUserInfoResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'GetUserInfo',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/oauth2/userinfo`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of a user by using the user token.
 *
 * @return GetUserInfoResponse
 */
async function getUserInfo(instanceId: string, applicationId: string): GetUserInfoResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new GetUserInfoHeaders{};
  return getUserInfoWithOptions(instanceId, applicationId, headers, runtime);
}

model ListGroupsHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model ListGroupsRequest {
  groupNameStartWith?: string(name='groupNameStartWith', example='group_xxx'),
  maxResults?: int32(name='maxResults', example='20'),
  nextToken?: string(name='nextToken', description='nextToken', example='NTxxx'),
}

model ListGroupsResponseBody = {
  data?: [ 
    {
      createTime?: long(name='createTime', example='1652085686179'),
      description?: string(name='description', example='description_demo'),
      groupExternalId?: string(name='groupExternalId', example='group_ufdsasn35ea5lmthk267xxxxx'),
      groupId?: string(name='groupId', example='group_ufdsasn35ea5lmthk267xxxxx'),
      groupName?: string(name='groupName', example='name_test'),
      groupSourceId?: string(name='groupSourceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      groupSourceType?: string(name='groupSourceType', example='build_in'),
      instanceId?: string(name='instanceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      updateTime?: long(name='updateTime', example='1652085686179'),
    }
  ](name='data'),
  maxResults?: int32(name='maxResults', example='20'),
  nextToken?: string(name='nextToken', example='NTxxx'),
  totalCount?: long(name='totalCount', example='1000'),
}

model ListGroupsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsResponseBody(name='body'),
}

/**
 * @summary 查询组列表
 *
 * @param request ListGroupsRequest
 * @param headers ListGroupsHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsResponse
 */
async function listGroupsWithOptions(instanceId: string, applicationId: string, request: ListGroupsRequest, headers: ListGroupsHeaders, runtime: $RuntimeOptions): ListGroupsResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.groupNameStartWith)) {
    query['groupNameStartWith'] = request.groupNameStartWith;
  }
  if (!$isNull(request.maxResults)) {
    query['maxResults'] = request.maxResults;
  }
  if (!$isNull(request.nextToken)) {
    query['nextToken'] = request.nextToken;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListGroups',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询组列表
 *
 * @param request ListGroupsRequest
 * @return ListGroupsResponse
 */
async function listGroups(instanceId: string, applicationId: string, request: ListGroupsRequest): ListGroupsResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new ListGroupsHeaders{};
  return listGroupsWithOptions(instanceId, applicationId, request, headers, runtime);
}

model ListGroupsForUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model ListGroupsForUserRequest {
  maxResults?: int32(name='maxResults', example='20'),
  nextToken?: string(name='nextToken', description='nextToken', example='NTxxx'),
}

model ListGroupsForUserResponseBody = {
  data?: [ 
    {
      groupId?: string(name='groupId', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
      groupMemberRelationSourceId?: string(name='groupMemberRelationSourceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      groupMemberRelationSourceType?: string(name='groupMemberRelationSourceType', example='build_in'),
      instanceId?: string(name='instanceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
    }
  ](name='data'),
  maxResults?: long(name='maxResults', example='20'),
  nextToken?: string(name='nextToken', example='NTxxx'),
  totalCount?: long(name='totalCount', example='1000'),
}

model ListGroupsForUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListGroupsForUserResponseBody(name='body'),
}

/**
 * @summary 获取账户关联组列表
 *
 * @param request ListGroupsForUserRequest
 * @param headers ListGroupsForUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListGroupsForUserResponse
 */
async function listGroupsForUserWithOptions(instanceId: string, applicationId: string, userId: string, request: ListGroupsForUserRequest, headers: ListGroupsForUserHeaders, runtime: $RuntimeOptions): ListGroupsForUserResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.maxResults)) {
    query['maxResults'] = request.maxResults;
  }
  if (!$isNull(request.nextToken)) {
    query['nextToken'] = request.nextToken;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListGroupsForUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/listGroupsForUser`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 获取账户关联组列表
 *
 * @param request ListGroupsForUserRequest
 * @return ListGroupsForUserResponse
 */
async function listGroupsForUser(instanceId: string, applicationId: string, userId: string, request: ListGroupsForUserRequest): ListGroupsForUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new ListGroupsForUserHeaders{};
  return listGroupsForUserWithOptions(instanceId, applicationId, userId, request, headers, runtime);
}

model ListOrganizationalUnitParentIdsHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model ListOrganizationalUnitParentIdsResponseBody = {
  parentIds?: [ string ](name='parentIds', description='The IDs of the parent organizational units. The IDs of the organizational unit are ordered based on their levels from high to low. Only the IDs of the organizational units within the authorization scope are displayed.', example='[ou_xxx001]'),
}

model ListOrganizationalUnitParentIdsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOrganizationalUnitParentIdsResponseBody(name='body'),
}

/**
 * @summary Queries the information of all the parent organizational units of an organizational unit.
 *
 * @param headers ListOrganizationalUnitParentIdsHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOrganizationalUnitParentIdsResponse
 */
async function listOrganizationalUnitParentIdsWithOptions(instanceId: string, applicationId: string, organizationalUnitId: string, headers: ListOrganizationalUnitParentIdsHeaders, runtime: $RuntimeOptions): ListOrganizationalUnitParentIdsResponse {
  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
  };
  var params = new OpenApiUtil.Params{
    action = 'ListOrganizationalUnitParentIds',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits/${$URL.percentEncode(organizationalUnitId)}/parentIds`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of all the parent organizational units of an organizational unit.
 *
 * @return ListOrganizationalUnitParentIdsResponse
 */
async function listOrganizationalUnitParentIds(instanceId: string, applicationId: string, organizationalUnitId: string): ListOrganizationalUnitParentIdsResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new ListOrganizationalUnitParentIdsHeaders{};
  return listOrganizationalUnitParentIdsWithOptions(instanceId, applicationId, organizationalUnitId, headers, runtime);
}

model ListOrganizationalUnitsHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model ListOrganizationalUnitsRequest {
  pageNumber?: int32(name='pageNumber', description='The page number. Default value: 1.', example='1'),
  pageSize?: int32(name='pageSize', description='The number of entries per page. Default value: 20. Valid values: 1 to 100.', example='20'),
  parentId?: string(name='parentId', description='The ID of the parent organizational unit.

This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model ListOrganizationalUnitsResponseBody = {
  data?: [ 
    {
      createTime?: long(name='createTime', description='The time when the organizational unit was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652083425923'),
      description?: string(name='description', description='The description of the organizational unit.', example='test organizational unit'),
      instanceId?: string(name='instanceId', description='The instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      organizationalUnitExternalId?: string(name='organizationalUnitExternalId', description='The external ID of the organizational unit. The external ID can be used to map external data to the data of the organizational unit in EIAM of Identity as a Service (IDaaS). By default, the external ID is the organizational unit ID.

Note: For organizational units with the same source type and source ID, each organizational unit has a unique external ID.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      organizationalUnitId?: string(name='organizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      organizationalUnitName?: string(name='organizationalUnitName', description='The name of the organizational unit.', example='name001'),
      organizationalUnitSourceId?: string(name='organizationalUnitSourceId', description='The source ID of the organizational unit.

If the organizational unit was created in IDaaS, its source ID is the ID of the IDaaS instance. If the organizational unit was imported, its source ID is the enterprise ID in the source. For example, if the organizational unit was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      organizationalUnitSourceType?: string(name='organizationalUnitSourceType', description='The source type of the organizational unit. Valid values:

*   build_in: The organizational unit was created in IDaaS.
*   ding_talk: The organizational unit was imported from DingTalk.
*   ad: The organizational unit was imported from Microsoft Active Directory (AD).
*   ldap: The organizational unit was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
      parentId?: string(name='parentId', description='The ID of the parent organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
      updateTime?: long(name='updateTime', description='The time when the organizational unit was last updated. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652083425923'),
    }
  ](name='data', description='The queried organizational units.'),
  totalCount?: long(name='totalCount', description='The total number of entries returned.', example='1000'),
}

model ListOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListOrganizationalUnitsResponseBody(name='body'),
}

/**
 * @summary Queries the information of Employee Identity and Access Management (EIAM) organizational units by page.
 *
 * @param request ListOrganizationalUnitsRequest
 * @param headers ListOrganizationalUnitsHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListOrganizationalUnitsResponse
 */
async function listOrganizationalUnitsWithOptions(instanceId: string, applicationId: string, request: ListOrganizationalUnitsRequest, headers: ListOrganizationalUnitsHeaders, runtime: $RuntimeOptions): ListOrganizationalUnitsResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.pageNumber)) {
    query['pageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['pageSize'] = request.pageSize;
  }
  if (!$isNull(request.parentId)) {
    query['parentId'] = request.parentId;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListOrganizationalUnits',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of Employee Identity and Access Management (EIAM) organizational units by page.
 *
 * @param request ListOrganizationalUnitsRequest
 * @return ListOrganizationalUnitsResponse
 */
async function listOrganizationalUnits(instanceId: string, applicationId: string, request: ListOrganizationalUnitsRequest): ListOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new ListOrganizationalUnitsHeaders{};
  return listOrganizationalUnitsWithOptions(instanceId, applicationId, request, headers, runtime);
}

model ListUsersHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model ListUsersRequest {
  organizationalUnitId?: string(name='organizationalUnitId', description='The ID of the organizational unit.', example='ou_wovwffm62xifdziem7an7xxxxx'),
  pageNumber?: int32(name='pageNumber', description='The page number. Default value: 1.', example='1'),
  pageSize?: int32(name='pageSize', description='The number of entries per page. Default value: 20. Valid values: 1 to 100.', example='20'),
}

model ListUsersResponseBody = {
  data?: [ 
    {
      accountExpireTime?: long(name='accountExpireTime', description='The time when the account expires. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
      createTime?: long(name='createTime', description='The time when the account was created. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
      description?: string(name='description', example='xxxx'),
      displayName?: string(name='displayName', description='The display name of the account.', example='display_name001'),
      email?: string(name='email', description='The email address of the user who owns the account.', example='example@example.com'),
      emailVerified?: boolean(name='emailVerified', description='Indicates whether the email address has been verified. A value of true indicates that the email address has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the email address has not been verified.', example='true'),
      instanceId?: string(name='instanceId', description='The instance ID.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      lockExpireTime?: long(name='lockExpireTime', description='The time when the account lock expires. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
      passwordSet?: boolean(name='passwordSet', description='密码是否已设置', example='true'),
      phoneNumber?: string(name='phoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
      phoneNumberVerified?: boolean(name='phoneNumberVerified', description='Indicates whether the mobile number has been verified. A value of true indicates that the mobile number has been verified by the user or has been set to the verified status by the administrator. A value of false indicates that the mobile number has not been verified.', example='true'),
      phoneRegion?: string(name='phoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +.', example='86'),
      registerTime?: long(name='registerTime', description='The time when the account was registered. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
      status?: string(name='status', description='The status of the account. Valid values: enabled disabled', example='enabled'),
      updateTime?: long(name='updateTime', description='The time when the account was last modified. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since January 1, 1970, 00:00:00 UTC.', example='1652085686179'),
      userExternalId?: string(name='userExternalId', description='The external ID of the account. The external ID can be used to map external data to the data of the account in EIAM of Identity as a Service (IDaaS). By default, the external ID is the account ID.

Note: For accounts with the same source type and source ID, each account has a unique external ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
      userId?: string(name='userId', description='The account ID.', example='user_d6sbsuumeta4h66ec3il7yxxxx'),
      userSourceId?: string(name='userSourceId', description='The source ID of the account.

If the account was created in IDaaS, its source ID is the ID of the IDaaS instance. If the account was imported, its source ID is the enterprise ID in the source. For example, if the account was imported from DingTalk, its source ID is the corpId value of the enterprise in DingTalk.', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      userSourceType?: string(name='userSourceType', description='The source type of the account. Valid values:

*   build_in: The account was created in IDaaS.
*   ding_talk: The account was imported from DingTalk.
*   ad: The account was imported from Microsoft Active Directory (AD).
*   ldap: The account was imported from a Lightweight Directory Access Protocol (LDAP) service.', example='build_in'),
      username?: string(name='username', description='The username of the account.', example='name001'),
    }
  ](name='data', description='The queried EIAM accounts.'),
  totalCount?: long(name='totalCount', description='The total number of entries returned.', example='1000'),
}

model ListUsersResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersResponseBody(name='body'),
}

/**
 * @summary Queries the information of Employee Identity and Access Management (EIAM) accounts by page.
 *
 * @param request ListUsersRequest
 * @param headers ListUsersHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersResponse
 */
async function listUsersWithOptions(instanceId: string, applicationId: string, request: ListUsersRequest, headers: ListUsersHeaders, runtime: $RuntimeOptions): ListUsersResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.organizationalUnitId)) {
    query['organizationalUnitId'] = request.organizationalUnitId;
  }
  if (!$isNull(request.pageNumber)) {
    query['pageNumber'] = request.pageNumber;
  }
  if (!$isNull(request.pageSize)) {
    query['pageSize'] = request.pageSize;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListUsers',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Queries the information of Employee Identity and Access Management (EIAM) accounts by page.
 *
 * @param request ListUsersRequest
 * @return ListUsersResponse
 */
async function listUsers(instanceId: string, applicationId: string, request: ListUsersRequest): ListUsersResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new ListUsersHeaders{};
  return listUsersWithOptions(instanceId, applicationId, request, headers, runtime);
}

model ListUsersForGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model ListUsersForGroupRequest {
  maxResults?: int32(name='maxResults', example='20'),
  nextToken?: string(name='nextToken', description='nextToken', example='NTxxx'),
}

model ListUsersForGroupResponseBody = {
  data?: [ 
    {
      instanceId?: string(name='instanceId', example='idaas_ue2jvisn35ea5lmthk267xxxxx'),
      userId?: string(name='userId', example='user_001'),
    }
  ](name='data'),
  maxResults?: int32(name='maxResults', example='20'),
  nextToken?: string(name='nextToken', example='NTxxx'),
  totalCount?: long(name='totalCount', example='1000'),
}

model ListUsersForGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: ListUsersForGroupResponseBody(name='body'),
}

/**
 * @summary 查询指定组下账户IDS
 *
 * @param request ListUsersForGroupRequest
 * @param headers ListUsersForGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return ListUsersForGroupResponse
 */
async function listUsersForGroupWithOptions(instanceId: string, applicationId: string, groupId: string, request: ListUsersForGroupRequest, headers: ListUsersForGroupHeaders, runtime: $RuntimeOptions): ListUsersForGroupResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.maxResults)) {
    query['maxResults'] = request.maxResults;
  }
  if (!$isNull(request.nextToken)) {
    query['nextToken'] = request.nextToken;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'ListUsersForGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups/${$URL.percentEncode(groupId)}/actions/listUsersForGroup`,
    method = 'GET',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 查询指定组下账户IDS
 *
 * @param request ListUsersForGroupRequest
 * @return ListUsersForGroupResponse
 */
async function listUsersForGroup(instanceId: string, applicationId: string, groupId: string, request: ListUsersForGroupRequest): ListUsersForGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new ListUsersForGroupHeaders{};
  return listUsersForGroupWithOptions(instanceId, applicationId, groupId, request, headers, runtime);
}

model PatchGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model PatchGroupRequest {
  groupName?: string(name='groupName', example='name001'),
}

model PatchGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 更新组信息
 *
 * @param request PatchGroupRequest
 * @param headers PatchGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return PatchGroupResponse
 */
async function patchGroupWithOptions(instanceId: string, applicationId: string, groupId: string, request: PatchGroupRequest, headers: PatchGroupHeaders, runtime: $RuntimeOptions): PatchGroupResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.groupName)) {
    body['groupName'] = request.groupName;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'PatchGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups/${$URL.percentEncode(groupId)}`,
    method = 'PATCH',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 更新组信息
 *
 * @param request PatchGroupRequest
 * @return PatchGroupResponse
 */
async function patchGroup(instanceId: string, applicationId: string, groupId: string, request: PatchGroupRequest): PatchGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new PatchGroupHeaders{};
  return patchGroupWithOptions(instanceId, applicationId, groupId, request, headers, runtime);
}

model PatchOrganizationalUnitHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model PatchOrganizationalUnitRequest {
  description?: string(name='description', description='The description of the organizational unit.', example='test organizational unit'),
  organizationalUnitName?: string(name='organizationalUnitName', description='The name of the organizational unit.', example='name001'),
}

model PatchOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary Modifies an EIAM organizational unit.
 *
 * @description The operation conforms to the HTTP PATCH request method. The value of a parameter is modified only if the parameter is specified in the request.
 *
 * @param request PatchOrganizationalUnitRequest
 * @param headers PatchOrganizationalUnitHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return PatchOrganizationalUnitResponse
 */
async function patchOrganizationalUnitWithOptions(instanceId: string, applicationId: string, organizationalUnitId: string, request: PatchOrganizationalUnitRequest, headers: PatchOrganizationalUnitHeaders, runtime: $RuntimeOptions): PatchOrganizationalUnitResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.description)) {
    body['description'] = request.description;
  }
  if (!$isNull(request.organizationalUnitName)) {
    body['organizationalUnitName'] = request.organizationalUnitName;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'PatchOrganizationalUnit',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/organizationalUnits/${$URL.percentEncode(organizationalUnitId)}`,
    method = 'PATCH',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies an EIAM organizational unit.
 *
 * @description The operation conforms to the HTTP PATCH request method. The value of a parameter is modified only if the parameter is specified in the request.
 *
 * @param request PatchOrganizationalUnitRequest
 * @return PatchOrganizationalUnitResponse
 */
async function patchOrganizationalUnit(instanceId: string, applicationId: string, organizationalUnitId: string, request: PatchOrganizationalUnitRequest): PatchOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new PatchOrganizationalUnitHeaders{};
  return patchOrganizationalUnitWithOptions(instanceId, applicationId, organizationalUnitId, request, headers, runtime);
}

model PatchUserHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='The authentication information. Format: Bearer ${access_token}. Example: Bearer ATxxxx.

This parameter is required.', example='Bearer AT8csE2seYxxxxxij'),
}

model PatchUserRequest {
  customFields?: [ 
    {
      fieldName?: string(name='fieldName', example='age'),
      fieldValue?: string(name='fieldValue', example='test_value'),
      operation?: string(name='operation', description='字段操作类型，取值可选范围：
- add：添加。
- replace：替换。若对应扩展字段无设置值，会转换为add操作。
- remove：移除。', example='replace'),
      operator?: string(name='operator', example='replace', deprecated=true),
    }
  ](name='customFields'),
  displayName?: string(name='displayName', description='The display name of the account.', example='display_name001'),
  email?: string(name='email', description='The email address of the user who owns the account.', example='example@example.com'),
  emailVerified?: boolean(name='emailVerified', description='Indicates whether the email address is verified. This field is required if an email address is specified. If you have no special requirement, set this parameter to true.', example='true'),
  phoneNumber?: string(name='phoneNumber', description='The mobile number of the user who owns the account.', example='156xxxxxxx'),
  phoneNumberVerified?: boolean(name='phoneNumberVerified', description='Indicates whether the mobile number is verified. This field is required if a mobile number is specified. If you have no special requirement, set this parameter to true.', example='true'),
  phoneRegion?: string(name='phoneRegion', description='The country code of the mobile number. For example, the country code of China is 86 without 00 or +. This parameter is required if a mobile number is specified.', example='86'),
  username?: string(name='username', description='The username of the account.', example='name001'),
}

model PatchUserResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary Modifies an Employee Identity and Access Management (EIAM) account.
 *
 * @description The operation conforms to the HTTP PATCH request method. The value of a parameter is modified only if the parameter is specified in the request.
 *
 * @param request PatchUserRequest
 * @param headers PatchUserHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return PatchUserResponse
 */
async function patchUserWithOptions(instanceId: string, applicationId: string, userId: string, request: PatchUserRequest, headers: PatchUserHeaders, runtime: $RuntimeOptions): PatchUserResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.customFields)) {
    body['customFields'] = request.customFields;
  }
  if (!$isNull(request.displayName)) {
    body['displayName'] = request.displayName;
  }
  if (!$isNull(request.email)) {
    body['email'] = request.email;
  }
  if (!$isNull(request.emailVerified)) {
    body['emailVerified'] = request.emailVerified;
  }
  if (!$isNull(request.phoneNumber)) {
    body['phoneNumber'] = request.phoneNumber;
  }
  if (!$isNull(request.phoneNumberVerified)) {
    body['phoneNumberVerified'] = request.phoneNumberVerified;
  }
  if (!$isNull(request.phoneRegion)) {
    body['phoneRegion'] = request.phoneRegion;
  }
  if (!$isNull(request.username)) {
    body['username'] = request.username;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'PatchUser',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}`,
    method = 'PATCH',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Modifies an Employee Identity and Access Management (EIAM) account.
 *
 * @description The operation conforms to the HTTP PATCH request method. The value of a parameter is modified only if the parameter is specified in the request.
 *
 * @param request PatchUserRequest
 * @return PatchUserResponse
 */
async function patchUser(instanceId: string, applicationId: string, userId: string, request: PatchUserRequest): PatchUserResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new PatchUserHeaders{};
  return patchUserWithOptions(instanceId, applicationId, userId, request, headers, runtime);
}

model RemoveUserFromOrganizationalUnitsHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model RemoveUserFromOrganizationalUnitsRequest {
  organizationalUnitIds?: [ string ](name='organizationalUnitIds', description='This parameter is required.', example='[ou_wovwffm62xifdziem7an7xxxxx]'),
}

model RemoveUserFromOrganizationalUnitsResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 将账户从多个组织移除【不支持移除主组织】
 *
 * @param request RemoveUserFromOrganizationalUnitsRequest
 * @param headers RemoveUserFromOrganizationalUnitsHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveUserFromOrganizationalUnitsResponse
 */
async function removeUserFromOrganizationalUnitsWithOptions(instanceId: string, applicationId: string, userId: string, request: RemoveUserFromOrganizationalUnitsRequest, headers: RemoveUserFromOrganizationalUnitsHeaders, runtime: $RuntimeOptions): RemoveUserFromOrganizationalUnitsResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.organizationalUnitIds)) {
    body['organizationalUnitIds'] = request.organizationalUnitIds;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'RemoveUserFromOrganizationalUnits',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/removeUserFromOrganizationalUnits`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 将账户从多个组织移除【不支持移除主组织】
 *
 * @param request RemoveUserFromOrganizationalUnitsRequest
 * @return RemoveUserFromOrganizationalUnitsResponse
 */
async function removeUserFromOrganizationalUnits(instanceId: string, applicationId: string, userId: string, request: RemoveUserFromOrganizationalUnitsRequest): RemoveUserFromOrganizationalUnitsResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new RemoveUserFromOrganizationalUnitsHeaders{};
  return removeUserFromOrganizationalUnitsWithOptions(instanceId, applicationId, userId, request, headers, runtime);
}

model RemoveUsersFromGroupHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model RemoveUsersFromGroupRequest {
  userIds?: [ string ](name='userIds', description='This parameter is required.', example='[user_d6sbsuumeta4h66ec3il7yxxxx}'),
}

model RemoveUsersFromGroupResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 为指定组批量解除账户关联
 *
 * @param request RemoveUsersFromGroupRequest
 * @param headers RemoveUsersFromGroupHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return RemoveUsersFromGroupResponse
 */
async function removeUsersFromGroupWithOptions(instanceId: string, applicationId: string, groupId: string, request: RemoveUsersFromGroupRequest, headers: RemoveUsersFromGroupHeaders, runtime: $RuntimeOptions): RemoveUsersFromGroupResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.userIds)) {
    body['userIds'] = request.userIds;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'RemoveUsersFromGroup',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/groups/${$URL.percentEncode(groupId)}/actions/removeUsersFromGroup`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 为指定组批量解除账户关联
 *
 * @param request RemoveUsersFromGroupRequest
 * @return RemoveUsersFromGroupResponse
 */
async function removeUsersFromGroup(instanceId: string, applicationId: string, groupId: string, request: RemoveUsersFromGroupRequest): RemoveUsersFromGroupResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new RemoveUsersFromGroupHeaders{};
  return removeUsersFromGroupWithOptions(instanceId, applicationId, groupId, request, headers, runtime);
}

model RevokeTokenRequest {
  clientId?: string(name='client_id', description='The client ID.', example='app_mkv7rgt4d7i4u7zqtzev2mxxxx'),
  clientSecret?: string(name='client_secret', description='The client secret.', example='CSEHDcHcrUKHw1CuxkJEHPveWRXBGqVqRsxxxx'),
  token?: string(name='token', description='The token to be revoked.

This parameter is required.', example='ATxxxx'),
  tokenTypeHint?: string(name='token_type_hint', description='The type of the token. Valid values: access_token refresh_token', example='access_token'),
}

model RevokeTokenResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
  body?: object(name='body'),
}

/**
 * @summary Revokes an access token or refresh token.
 *
 * @param request RevokeTokenRequest
 * @param headers map
 * @param runtime runtime options for this request RuntimeOptions
 * @return RevokeTokenResponse
 */
async function revokeTokenWithOptions(instanceId: string, applicationId: string, request: RevokeTokenRequest, headers: map[string]string, runtime: $RuntimeOptions): RevokeTokenResponse {
  request.validate();
  var query : map[string]any = {};
  if (!$isNull(request.clientId)) {
    query['client_id'] = request.clientId;
  }
  if (!$isNull(request.clientSecret)) {
    query['client_secret'] = request.clientSecret;
  }
  if (!$isNull(request.token)) {
    query['token'] = request.token;
  }
  if (!$isNull(request.tokenTypeHint)) {
    query['token_type_hint'] = request.tokenTypeHint;
  }

  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = headers,
    query = OpenApiUtil.query(query),
  };
  var params = new OpenApiUtil.Params{
    action = 'RevokeToken',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/oauth2/revoke`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'json',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary Revokes an access token or refresh token.
 *
 * @param request RevokeTokenRequest
 * @return RevokeTokenResponse
 */
async function revokeToken(instanceId: string, applicationId: string, request: RevokeTokenRequest): RevokeTokenResponse {
  var runtime = new $RuntimeOptions{};
  var headers : map[string]string = {};
  return revokeTokenWithOptions(instanceId, applicationId, request, headers, runtime);
}

model SetUserPrimaryOrganizationalUnitHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model SetUserPrimaryOrganizationalUnitRequest {
  organizationalUnitId?: string(name='organizationalUnitId', description='This parameter is required.', example='ou_wovwffm62xifdziem7an7xxxxx'),
}

model SetUserPrimaryOrganizationalUnitResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 将指定组织设置为账户主组织，移除旧主组织，加入新主组织。
 *
 * @param request SetUserPrimaryOrganizationalUnitRequest
 * @param headers SetUserPrimaryOrganizationalUnitHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return SetUserPrimaryOrganizationalUnitResponse
 */
async function setUserPrimaryOrganizationalUnitWithOptions(instanceId: string, applicationId: string, userId: string, request: SetUserPrimaryOrganizationalUnitRequest, headers: SetUserPrimaryOrganizationalUnitHeaders, runtime: $RuntimeOptions): SetUserPrimaryOrganizationalUnitResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.organizationalUnitId)) {
    body['organizationalUnitId'] = request.organizationalUnitId;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'SetUserPrimaryOrganizationalUnit',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/setUserPrimaryOrganizationalUnit`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 将指定组织设置为账户主组织，移除旧主组织，加入新主组织。
 *
 * @param request SetUserPrimaryOrganizationalUnitRequest
 * @return SetUserPrimaryOrganizationalUnitResponse
 */
async function setUserPrimaryOrganizationalUnit(instanceId: string, applicationId: string, userId: string, request: SetUserPrimaryOrganizationalUnitRequest): SetUserPrimaryOrganizationalUnitResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new SetUserPrimaryOrganizationalUnitHeaders{};
  return setUserPrimaryOrganizationalUnitWithOptions(instanceId, applicationId, userId, request, headers, runtime);
}

model UpdateUserPasswordHeaders {
  commonHeaders?: map[string]string,
  authorization?: string(name='Authorization', description='This parameter is required.', example='Bearer xxxx'),
}

model UpdateUserPasswordRequest {
  password?: string(name='password', example='xxxx'),
}

model UpdateUserPasswordResponse = {
  headers?: map[string]string(name='headers'),
  statusCode?: int32(name='statusCode'),
}

/**
 * @summary 更新账户密码
 *
 * @param request UpdateUserPasswordRequest
 * @param headers UpdateUserPasswordHeaders
 * @param runtime runtime options for this request RuntimeOptions
 * @return UpdateUserPasswordResponse
 */
async function updateUserPasswordWithOptions(instanceId: string, applicationId: string, userId: string, request: UpdateUserPasswordRequest, headers: UpdateUserPasswordHeaders, runtime: $RuntimeOptions): UpdateUserPasswordResponse {
  request.validate();
  var body : map[string]any = {};
  if (!$isNull(request.password)) {
    body['password'] = request.password;
  }

  var realHeaders : map[string]string = {};
  if (!$isNull(headers.commonHeaders)) {
    realHeaders = headers.commonHeaders;
  }
  if (!$isNull(headers.authorization)) {
    realHeaders['Authorization'] = $string(headers.authorization);
  }
  var req = new OpenApiUtil.OpenApiRequest{ 
    headers = realHeaders,
    body = OpenApiUtil.parseToMap(body),
  };
  var params = new OpenApiUtil.Params{
    action = 'UpdateUserPassword',
    version = '2022-02-25',
    protocol = 'HTTPS',
    pathname = `/v2/${$URL.percentEncode(instanceId)}/${$URL.percentEncode(applicationId)}/users/${$URL.percentEncode(userId)}/actions/updateUserPassword`,
    method = 'POST',
    authType = 'Anonymous',
    style = 'ROA',
    reqBodyType = 'json',
    bodyType = 'none',
  };
  if ($isNull(@signatureVersion) || @signatureVersion != 'v4') {
    return callApi(params, req, runtime);
  } else {
    return execute(params, req, runtime);
  }
}

/**
 * @summary 更新账户密码
 *
 * @param request UpdateUserPasswordRequest
 * @return UpdateUserPasswordResponse
 */
async function updateUserPassword(instanceId: string, applicationId: string, userId: string, request: UpdateUserPasswordRequest): UpdateUserPasswordResponse {
  var runtime = new $RuntimeOptions{};
  var headers = new UpdateUserPasswordHeaders{};
  return updateUserPasswordWithOptions(instanceId, applicationId, userId, request, headers, runtime);
}

